ABAP Command Injection: how to change the productive SAP system

preview_player
Показать описание
ABAP Command Injection translates to: a developer has added code that allows to add more code at a later point in time. You don't need developer keys for that. Thus you can exploit this backdoor even if the system is configured as not changeable. Even worse: even SAP standard code can be changed. This means that an attacker can use the backdoor to do whatever he wants in the vulnerable SAP system. Compliance is lost immediately, your next IT audit is in danger!

Watch out for dangerous ABAP commands that allow an ABAP command injection!
Рекомендации по теме
Комментарии
Автор

Check out our free whitepaper download: "The ABAP Underverse"

Virtualforge